DataPrime query structure
A DataPrime query is structured as a sequence of commands applied to a dataset. Each operation processes the data and passes its output to the next operation, forming a pipeline that refines and transforms the data step-by-step.
The source specifies the dataset to be queried (e.g., logs or spans). If no source command is included as part of a DataPrime query, the query will behave as if prefixed with source logs. In other words, all queries where a source is not explicitly defined otherwise will query logs.
Commands define the actions to be performed on the data, such as filtering, grouping, sorting, or transforming.
Whitespace is ignored, allowing users to write multi-line queries.
Each command can be used to progressively transform and refine the results of a query. By composing multiple commands together, you can build complex operations that work seamlessly to satisfy your analytical requirements.
source logs
| filter $m.severity == ERROR
| groupby $l.subsystem as service aggregate count() as error_count
| orderby $d.error_count desc
| limit 5
Data is represented with keypath prefixes that identify the actual user data ($d), user labels ($l), and metadata ($m).
Note
As $d is the default prefix, there is no need to use it. It is used here for illustration purposes.
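The pipeline behaviour described above, as an added Python model that is not Coralogix code or part of the original page: it runs the page's query over constructed records to show the implicit source logs and the default $d prefix. Every function name here is hypothetical, and the ERROR severity is modelled as a plain string.

```python
from collections import Counter
from functools import reduce

# Constructed sample records: user data ($d), labels ($l), metadata ($m).
SOURCES = {"spans": [], "logs": [
    {"d": {"msg": "constructed"}, "l": {"subsystem": s}, "m": {"severity": sev}}
    for s, sev in [("checkout", "ERROR"), ("auth", "ERROR"), ("checkout", "ERROR"),
                   ("auth", "INFO"), ("search", "ERROR"), ("checkout", "ERROR"), ("auth", "ERROR")]]}

def resolve(event, keypath):
    """Read a keypath; without a $d/$l/$m prefix it is looked up under $d."""
    prefixed = keypath[:3] in ("$d.", "$l.", "$m.")
    ns, path = (keypath[1], keypath[3:]) if prefixed else ("d", keypath)
    value = event[ns]
    for part in path.split("."):
        value = value.get(part) if isinstance(value, dict) else None
    return value

def source(name):
    cmd = lambda _rows: list(SOURCES[name])
    cmd.is_source = True  # lets run_query detect an explicit source command
    return cmd

def filter_eq(keypath, expected):
    return lambda rows: [r for r in rows if resolve(r, keypath) == expected]

def groupby_count(keypath, key_alias, count_alias):
    def run(rows):
        counts = Counter(resolve(r, keypath) for r in rows)
        # The page's query reads the result as $d.error_count, so output goes under "d".
        return [{"d": {key_alias: k, count_alias: n}, "l": {}, "m": {}} for k, n in counts.items()]
    return run

def orderby_desc(keypath):
    return lambda rows: sorted(rows, key=lambda r: resolve(r, keypath), reverse=True)

def limit(n):
    return lambda rows: rows[:n]

def run_query(*commands):
    """Pipe rows through the commands in order; with no source command, start from logs."""
    if not (commands and getattr(commands[0], "is_source", False)):
        commands = (source("logs"),) + commands
    return reduce(lambda rows, cmd: cmd(rows), commands, [])

def top_error_services(*head):
    # The page's query; head is either empty or an explicit source command.
    return [r["d"] for r in run_query(*head, filter_eq("$m.severity", "ERROR"),
        groupby_count("$l.subsystem", "service", "error_count"),
        orderby_desc("error_count"), limit(5))]  # no prefix: same as $d.error_count
```

Calling top_error_services() and top_error_services(source("logs")) returns the same rows, which is the default-source rule stated above.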